Re: CSP Directive Proposal: Sandbox

Oh btw, regarding this idea of putting sandbox in a CSP rule.

I like it. But I would have preferred if it was the other way around..
And let a sandboxed iframe to have CSP rules.

Either way, If we have:

CSP: sandbox;script-src http://*

What will happen? The rules conflict with each other. I know the
answer will be, that no scripts will be allowed.. but that's counter
intuitive.. What about

CSP: sandbox allow-scripts;

Then script-src and inline-script rules are useless?

-- Eduardo

On Mon, Feb 21, 2011 at 11:33 AM, gaz Heyes <> wrote:
> On 21 February 2011 19:21, <> wrote:
>> Would be cool if we had a "disallow-navigation" rule which disallow's
>> the user to navigate to any links.
> +1
> Same domain navigations restrictions would be awesome

Received on Monday, 21 February 2011 19:39:13 UTC